Note: This post was originally written and posted on Medium. It has been copied here for posterity.

The Challenge

Welcome back to the newest installment of my writeups on the Magnet Weekly CTF. This challenge was solved in what is likely a record 4 minutes but still has an interesting solution so let’s get into it.

The challenge this week asked, “What domain was most recently viewed via an app that has picture-in-picture capability?” At first, this seemed a daunting challenge but when I broke it down it became much easier to understand. The first thing I did to do this was to disregard the line about the app supporting picture in picture. The main objective of the task was to identify a domain and to me, that meant I was going to be looking at web history. This was further supported by the hint provided via the challenge announcement to look at a webinar that Jessica Hyde and Tarah Melton had given earlier this year on the different data that can be found with a google takeout and an image of an android device. The thumbnail of this webinar showed the Chrome Web Visits artifact tab in axiom and that was enough for me to start looking there. What I found was the last address in the list was malliesae.com/investor-page/. Submitting just the domain of http://malliesae.com completed the challenge for this week.